Closed jnweiger closed 1 year ago
reduce the token timeouts
$ pushd /var/www/owncloud/apps/
$ sed -i -e 's/3600/180/g' oauth2/lib/Db/AccessToken.php
$ sed -i -e 's/600/120/g' oauth2/lib/Db/AuthorizationCode.php
connect client via oauth2, inspect and remove tokens
$ mysql owncloud -e 'select * from oc_oauth2_access_tokens'
+----+------------------------------------------------------------------+-----------+---------+------------+
| id | token | client_id | user_id | expires |
+----+------------------------------------------------------------------+-----------+---------+------------+
| 1 | ETN3uYSb8kXwzgeQbH1wApDSmnLXUhdU9OYqBPybl3u0BZxlyxKAhRDeOjJFFIsu | 1 | admin | 1630626385 |
| 10 | yYCJasvRh3ZmuLMEHcVfBtPqRp4p4j4cpNOtZb5gtabS0frUF6bye7wEXj1XJmrR | 1 | admin | 1630655369 |
| 84 | Ksjj4x8yBZiOUjU4HC1XYS6AUHofG7rjk5y24KSxiqVNUxTEUNnfjej7P8cAesda | 1 | admin | 1631057658 |
| 85 | E9e1bwjdP2o6MGMvhnNufOQC5XWIvZhsRxkTdc9wBQ3cXwF6eLXmjermmhgsFBqX | 1 | admin | 1631117803 |
+----+------------------------------------------------------------------+-----------+---------+------------+
$ mysql owncloud -e 'delete from oc_oauth2_access_tokens'
Wait 3 minutes, a new token appears in the database.
change the client id so that token refresh is no longer possible:
$ mysql owncloud -e 'update oc_oauth2_clients set id=99 where name like "Desktop%"'
$ mysql owncloud -e 'delete from oc_oauth2_access_tokens'
the client gets logged out, the oauth dialog restarts
you can reauthenticate, a new token with the new id=99 is generated.
$ mysql owncloud -e 'select * from oc_oauth2_access_tokens'
+----+------------------------------------------------------------------+-----------+---------+------------+
| id | token | client_id | user_id | expires |
+----+------------------------------------------------------------------+-----------+---------+------------+
| 90 | ix1llPRlWrpL8HcJOLSN5BR8DVTGh6V7rDkHd5jPwBucNPiECZM3LztQV3OdUVxa | 99 | admin | 1631119210 |
+----+------------------------------------------------------------------+-----------+---------+------------+
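An added example, not part of the original comment or of the oauth2 app: a small audit over the `select * from oc_oauth2_access_tokens` output that flags tokens still bound to a retired client id, expired rows, and tokens whose remaining lifetime exceeds the shortened 180-second timeout. The table rows, placeholder token values, `now`, and the function names are constructed for illustration.

```python
# Constructed sample in the layout printed by
#   mysql owncloud -e 'select * from oc_oauth2_access_tokens'
# Token values are placeholders, not real tokens.
SAMPLE = """\
+----+---------------+-----------+---------+------------+
| id | token         | client_id | user_id | expires    |
+----+---------------+-----------+---------+------------+
| 84 | PLACEHOLDER_A |         1 | admin   | 1631057658 |
| 89 | PLACEHOLDER_B |        99 | admin   | 1631119000 |
| 90 | PLACEHOLDER_C |        99 | admin   | 1631119210 |
| 91 | PLACEHOLDER_D |        99 | admin   | 1631122630 |
+----+---------------+-----------+---------+------------+
"""

def parse_table(text):
    """Turn mysql's boxed table output into a list of dicts keyed by column name."""
    rows = [[cell.strip() for cell in line.strip().strip("|").split("|")]
            for line in text.splitlines() if line.lstrip().startswith("|")]
    if not rows:
        return []
    header, data = rows[0], rows[1:]
    return [dict(zip(header, r)) for r in data if len(r) == len(header)]

def audit_tokens(rows, now, max_lifetime, valid_client_ids):
    """Return (row id, finding) pairs; token values are never echoed back."""
    findings = []
    for r in rows:
        remaining = int(r["expires"]) - now
        if int(r["client_id"]) not in valid_client_ids:
            # e.g. a token left over from before the client id was changed
            findings.append((int(r["id"]), "orphaned-client"))
        elif remaining <= 0:
            findings.append((int(r["id"]), "expired"))
        elif remaining > max_lifetime:
            # issued with a longer timeout than the one under test
            findings.append((int(r["id"]), "lifetime-too-long"))
    return findings

if __name__ == "__main__":
    # now is a constructed reference time; 180 is the reduced access token timeout
    for row_id, finding in audit_tokens(parse_table(SAMPLE), 1631119100, 180, {99}):
        print(row_id, finding)
```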
enter server url at client
The auth form opens in a web browser. Find the redirect_uri in the params, it ends in 673 in this example:
change the last digit (from 3 to 4), hit enter to send this url.
use wrong user name, login fails,
use wrong password, login fails
use correct username and password, authorization succeeds, but the redirect back to the client fails as expected:
This is due to the changed port number. Change the digit back to normal, hit enter -> the client connects.
Regression test passed!
All QA passed. :ship: it!
old release was done
Setup
References:
* https://github.com/owncloud/oauth2/wiki/OAuth-code-Flow-Sequence-Diagram
OAuth2 app Test Plan
This aims to be a client-agnostic testplan for the OAuth2 application, centered in the actions available in the webUI and/or occ commands and their impact on ownCloud's core behavior. To test the application from a client standpoint see:
Testing functionality
occ app:enable oauth2
- Replies from the WebDAV endpoint include a new WWW-Authenticate: Bearer... header
occ app:disable oauth2
- Previously mentioned header goes away in further requests
client_id and client_secret are generated together with a (required) Client Name and a (required) Redirection URL
- All client sessions opened from those clients get removed
user parameter in: https://github.com/owncloud/oauth2/pull/67
See details below: https://github.com/owncloud/oauth2/issues/301#issuecomment-915357324
See details below: https://github.com/owncloud/oauth2/issues/301#issuecomment-915363173